[Samba] Issue with file server (Non-Domain Controller) authenticating off the same LDAP as the PDC

Dale Schroeder dale at BriannasSaladDressing.com
Wed Jan 21 18:38:01 GMT 2009


See if this is what you want:
http://us1.samba.org/samba/docs/man/Samba-Guide/unixclients.html#sdcsdmldap

Hope it helps.

Dale

David Markey wrote:
> Hi,
>
>
> Samba version 3.2-test (from git)
>
> I have a PDC (CS Domain) called kerry with an openldap backend, I have a
> file server that I want to authenticate off the same ldap as the PDC but
> I don't want it to be a BDC. This machine is called offaly.
>
>
> I would have thought that this would work pretty smoothly if I just
> configure domain logons = no.
>
> But then the file server generates its own SID and doesn't use the SID for the CS
> domain and creates its own account policies.
>
> Is there any way to have domain logons=yes but not act as a BDC, or is it
> possible to have domain logons=no and conform to the SID and account
> policies for the CS Domain?
>
> More info,
>
> When Domain Logons = no then it generates this in LDAP:
>  
>
> dn: sambaDomainName=OFFALY,dc=cs,dc=dit,dc=ie
> sambaDomainName: OFFALY
> sambaSID: S-1-5-21-1810654286-1445949878-2619355827
> sambaAlgorithmicRidBase: 1000
> objectClass: sambaDomain
> sambaNextUserRid: 1000
> structuralObjectClass: sambaDomain
> entryUUID: 1db04188-79bc-102d-8b3c-bff53cf5d285
> creatorsName: cn=admin,dc=cs,dc=dit,dc=ie
> createTimestamp: 20090118145748Z
> sambaMinPwdLength: 5
> sambaPwdHistoryLength: 0
> sambaLogonToChgPwd: 0
> sambaMaxPwdAge: -1
> sambaMinPwdAge: 0
> sambaLockoutDuration: 30
> sambaLockoutObservationWindow: 30
> sambaLockoutThreshold: 0
> sambaForceLogoff: -1
> sambaRefuseMachinePwdChange: 0
>
>
> But I want it to use the CS domain one, namely:
>
> dn: sambaDomainName=CS,dc=cs,dc=dit,dc=ie
> sambaAlgorithmicRidBase: 1000
> sambaNextUserRid: 1000
> structuralObjectClass: sambaDomain
> entryUUID: cf6b1632-7886-102d-88b4-cdd5ec2918da
> creatorsName: cn=admin,dc=cs,dc=dit,dc=ie
> createTimestamp: 20090117020342Z
> sambaRefuseMachinePwdChange: 0
> gidNumber: 1000
> sambaDomainName: CS
> sambaSID: S-1-5-21-162219125-2768231107-2725269179
> objectClass: top
> objectClass: sambaDomain
> objectClass: sambaUnixIdPool
> sambaLockoutDuration: 10
> sambaLockoutObservationWindow: 10
> sambaLockoutThreshold: 5
> sambaMinPwdLength: 5
> sambaPwdHistoryLength: 5
> sambaLogonToChgPwd: 0
> sambaMaxPwdAge: 7776000
> sambaMinPwdAge: 0
> sambaForceLogoff: -1
> uidNumber: 1009
> sambaNextRid: 1002
>
>
> Any Ideas?
>
> Thanks
>
> David
>
>
>
>   
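
Added example (not part of either message above, and not Samba project code): a small check that compares the sambaDomain entry a member server created for itself against the PDC's entry and reports where the SID and account-policy attributes diverge. The attribute values are copied from the two entries quoted in the post; the function names are hypothetical, and the parser assumes plain "attr: value" LDIF lines with no folded or base64 values.

```python
# Added example: report SID / account-policy drift between two sambaDomain entries.
POLICY_ATTRS = (
    "sambaSID", "sambaMinPwdLength", "sambaPwdHistoryLength", "sambaMaxPwdAge",
    "sambaMinPwdAge", "sambaLockoutDuration", "sambaLockoutObservationWindow",
    "sambaLockoutThreshold", "sambaLogonToChgPwd", "sambaForceLogoff",
    "sambaRefuseMachinePwdChange",
)

# Subset of the two entries from the post (as returned by an LDAP search).
LDIF = """\
dn: sambaDomainName=OFFALY,dc=cs,dc=dit,dc=ie
sambaDomainName: OFFALY
sambaSID: S-1-5-21-1810654286-1445949878-2619355827
sambaMinPwdLength: 5
sambaPwdHistoryLength: 0
sambaMaxPwdAge: -1
sambaLockoutDuration: 30
sambaLockoutObservationWindow: 30
sambaLockoutThreshold: 0

dn: sambaDomainName=CS,dc=cs,dc=dit,dc=ie
sambaDomainName: CS
sambaSID: S-1-5-21-162219125-2768231107-2725269179
sambaMinPwdLength: 5
sambaPwdHistoryLength: 5
sambaMaxPwdAge: 7776000
sambaLockoutDuration: 10
sambaLockoutObservationWindow: 10
sambaLockoutThreshold: 5
"""

def parse_domains(ldif):
    """Return {sambaDomainName: {attr: value}} for each blank-line-separated entry."""
    domains = {}
    for block in ldif.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            key, value = line.split(": ", 1)
            entry[key] = value.strip()
        if "sambaDomainName" in entry:
            domains[entry["sambaDomainName"]] = entry
    return domains

def policy_drift(domains, reference, candidate):
    """Return {attr: (reference_value, candidate_value)} for attributes that differ."""
    ref, cand = domains[reference], domains[candidate]
    return {a: (ref.get(a), cand.get(a)) for a in POLICY_ATTRS if ref.get(a) != cand.get(a)}

if __name__ == "__main__":
    for attr, (want, got) in policy_drift(parse_domains(LDIF), "CS", "OFFALY").items():
        print(f"{attr}: CS={want} OFFALY={got}")
```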

